chore(db): no-op legacy migration 0002; gitignore QA audit scratch

The 0002_admin_password.sql migration referenced a 'users' table that
no longer exists — auth moved from Auth.js Credentials to Neon Auth
(Better Auth), which owns its own neon_auth.user schema.

The migration was being recorded in _migrations to skip, but a fresh DB
or new environment would fail with 'relation users does not exist'.
scripts/migrate.js already had an ensureTracked() repair path that
auto-marks 0002 applied when the users.password_hash column exists,
so legacy DBs still work. For fresh DBs, this rewrite replaces the
broken ALTER with a no-op SELECT 1, preserving the 0002 slot so
0003_*.sql onward numbering is unaffected.

Also add .gitignore entries for local-only QA artifacts:
- db/migrations/0000_qa_*.sql (Neon Auth stub for local audit)
- db/seeds/2026-qa-*.sql      (production-scale audit seed)
- docs/qa/                    (local audit plan/inventory/bugs)

These files should never apply to production (the migration stub
would conflict with real neon_auth.user; the seed is 1000s of rows).
Tracking progress in /tmp/refactor-routecomm.md.
This commit is contained in:
Nora
2026-06-25 21:45:55 -06:00
parent 880c52227a
commit 4d295ef062
2 changed files with 19 additions and 16 deletions
+6
View File
@@ -49,3 +49,9 @@ playwright-report/
public/videos/tuxedo-hero.mp4
.neon
.worktrees/
# Local QA audit scratch — never applies to prod
# (Neon Auth stub, scale seed, audit docs created by local audit runs)
db/migrations/0000_qa_*.sql
db/seeds/2026-qa-*.sql
docs/qa/
+13 -16
View File
@@ -1,20 +1,17 @@
-- 0002_admin_password.sql
-- 0002_admin_password.sql (no-op)
--
-- Adds a `password_hash` column to `users` so the Auth.js Credentials
-- provider can verify email + password against the database.
-- This migration slot is preserved for historical DB compatibility.
-- The original content added a `password_hash` column to a legacy `users`
-- table used by the old Auth.js Credentials provider. That table no longer
-- exists — auth moved to Neon Auth (Better Auth), which manages its own
-- `neon_auth.user` schema. See CLAUDE.md "Authentication & Authorization".
--
-- Idempotent: uses `ADD COLUMN IF NOT EXISTS`. The column is nullable
-- because OAuth-only users (Google) never set a password.
-- Production DBs that ran the original migration already have this filename
-- recorded in `_migrations` and will skip it. Fresh DBs would otherwise
-- fail on `ALTER TABLE users`; this no-op keeps the apply path clean while
-- preserving the migration numbering (0003_*.sql onward is unaffected).
--
-- The Credentials provider's `authorize` function is documented in
-- `src/lib/auth.ts` — it queries this column and runs `verifyPassword`
-- (see `src/lib/passwords.ts`) before returning the user.
-- Do not reintroduce an `ALTER TABLE users` here — the table does not exist
-- and Neon Auth owns user identity.
-- Transaction is managed by the migrate runner (scripts/migrate.js).
-- File kept small and re-runnable via IF NOT EXISTS on the ALTER.
ALTER TABLE users
ADD COLUMN IF NOT EXISTS password_hash TEXT;
-- Update the updated_at trigger tracking — no new triggers needed since
-- `users` already has `set_updated_at` from migration 0001.
SELECT 1;